Hi!
I am deciding on a router to purchase to increase privacy on my home LAN. The Flint 2 came up several times on the forum, but I haven’t seen anybody use it long term yet.
My plan is setup a VPN and IoT VLAN for my IoT devices on the router.
For the people who are using it, is the router stable? How well does it work with a VPN like Mullvad or ProtonVPN? If not, what other alternatives can be suggested?
Thanks in advance. 
Yes very good choice! 
Yes, the MT-6000 is also an S-tier recommendation on OpenWrt’s own forum too (just like the Banana Pi BPI-R4).
I just bought one myself, didn’t get the time to play with it yet.
But people do not complain or talk about it after some time because it mostly works just fine. 
Should be able to do just that yes. 
No reason for it to break, especially if it only keeps doing its router things.
Then it mostly comes down to your personal config and other packages you do have installed.
Both have Wireguard configs, hence it should work fine when it comes down to speed (usual benchmarks go up to 850 Mbps usually).
Other alternatives are up-to date on this post of mine.
TLDR: I can let you know how it goes next month but there is no reason the Flint 2 wouldn’t work for you if you want to take the OpenWrt path.
You can also ask specific technical questions on their forum if you face any (and if they are not answered yet).
If I were you, I would go for the successor Flint 3.
As quite some people pointed out, it is not a great option + specs are worse overall too.
Stick to the 2 since OpenWrt doesn’t have a stable good WiFi 7 state anyway.
The latest is not always the greatest (no point paying more while having less). 
What? Specs of the Flint 3 are much better than the Flint 2.
Well, someday they will and then you are happy to have bought a WiFi 7 router. Until then you can still use the other WiFi versions.
In a nutshell: Reddit - The heart of the internet
Also, better features that are unused are not adding any value in itself.
The chip and setup are different tho. So no, the proper version is
by buying a Flint 3, I’ll agree on having a subpar experience until it is fully ready (VS a Flint 2)
what’s the point of buying some device that doesn’t work well out of the box?
Moreover, by the time WiFi 7 is properly implemented we might have a Flint 4 or alike.
Hence, no benefit future-proofing as of today while a better device will probably show up by the time people might need WiFi 7. Moreover, not everybody has WiFi 7 enabled clients (I don’t for example 
).
If OP understands and needs WiFi7, better to go with the BPi R4 because it is more of a dev bleeding-edge kit anyway.
As of today, there is no FOSS router that implements WiFi7 well. And the benefits are very minor if you check all the boxes for it.
Assuming OP want a basic working nice stable router, there is nothing better than the Flint 2 as of right now.
Having re-examined the specifications, it’s become abundantly clear that the second option is markedly superior to the first. I’m at a loss as to how I retained such an erroneous piece of information. Perhaps the notion was that option 2 presented a more viable alternative than option 3, or something to that effect.
I love Gl.iNet. I even visited there office (not factory). They test routers very thoroughly, even aging tests.
And they gave me gift 
Unfortunately I wasn’t allowed to take photos.
Yeah it’s a common gotcha in this situation and one would expect a v3 of a product to be better than the v2.
Meanwhile, by the magic of modern tech companies we do not always have a better iteration but sometimes and actually worse one. 
TLDR: save your bucks + sanity and get yourself a Flint 2, it should work just fine. 
Wireguard should work great. But if you are interested in Mullvad’s DAITA, you’ll need to use their app on your mobile/desktop devices for that.
I picked up Cudy WR3000S last year for under 35 bucks so I wouldn’t miss it if I ended up bricking it. Turned out to be the best 35 bucks I’ve spent in a while. I’ll likely upgrade to the Flint 4 or something more performant when it comes out, but it works well for me right now
It is worth taking a look at the GLiNET Flint 2 discussion on the OpenWrt forum.
Hi there - marked as solved - but just a note about GLiNEt and Mullvad VPN
I live in a rural area so rely on 4g mobile broadband . I have used a couple of GLinet routers over the last few years ( Spitz x750 and Spitz Plus ) and I would say that in my opinion GliNet offer good customer service , their forum is responsive and the routers ( I have used ) are stable longterm . Kissu has answered the specifics of the Flint 2 for you.
In relation to Mullvad VPN , I did originally set it up on the router and that worked fine .
However , there were several usability issues for my use case ( that may not apply to you )
Of course , these constraints may not apply to you , but just wanted to share my experience ,if Mullvad VPN is key to your router usage
Have a good day everybody
I’ve had it a couple years, it is solid. ProtonVPN works fine, just download ProtonVPN Wireguard config(s) and set it up in the router GUI.
I’ve had a couple instances where I woke up and it just didn’t work and I had to restart my router (it happens like any router) and one time I had to fully reset it. Not sure what happened there.. I might have been on a beta version, I can’t remember. I would highly recommend downloading a backup of your settings once you have things the way you want them. Just in case.
I really wish their VPN policy mode would allow me to whitelist certain domains and ALSO only apply VPN to main network (not guest network) at the same time. Its only one or the other, even though the feature has been on the roadmap for a long time. I tried to do it myself with LuCI but I’m not networking smart enough. They did add some extra policy mode functionality in the last big update.
I appreciate that a fair amount of functionality is very easily configurable in the web GUI. Also it’s nice to see updates still coming slowly over time.
Keep an eye out for updates because they do release them occasionally but I’ve never been notified of them automatically in the GUI, I had to download them myself.
This should be possible with any router running OpenWrt or Linux in general. You need to set a non-default routing table for your clearnet WAN interface and then add routing rules to explicitly route things like your VPN connection and guest network using that table.
Read about Linux routing rules and routing tables (ip rule, ip route commands) if you want a deeper understanding.
100 clearnet to /etc/iproute2/rt_tables. You can pick another number and name, but don’t repeat anything already used there. This allows to refer to your custom routing table by name rather than by number.clearnet (100) or whatever you named it. This will move WAN routes from the default routing table to your custom one.Is this a feature from vendor firmware? Such “modes” may have implementation mistakes. You’ll have less to believe in if you flash OpenWrt and set up routing and firewall rules by yourself.
See my post above for not applying VPN to guest network. Whitelisting domains might present a challenge because routing and firewall rules apply to IP addresses, not domains.
Thank you finding the time to share this
A few years ago I looked at DD-WRT vs Open WRT and hardware compatibility and it made my head hurt … but I was trying to harden Ubuntu and didnt want to change too many things at once ..
Now I have been using OpenWrt via GLinet and I have a spare router , I can try again to use the full functionality of OpenWrt without my partner noticing every time I configure something wrong .. even if it wasnt ( always ) my fault
Thanks again for the push to do keep ‘exploring’ - have a good day